Chances Are – You Have Been On A Zoom Conference In The Last Few Weeks – But Is It Secure?

The short answer to this is – maybe 🙂. If you have paid attention to the news (and who hasn’t in the last few weeks), you are probably aware of some significant security concerns with Zoom conferencing software and related services. However, the question many people have is – how concerned should I be, and how do I secure it?

Summary of the Risks

In a nutshell, here are the main risks that have been brought up:

Zoombombing – a scenario where unwanted attendees are able to intrude upon a meeting and introduce unwanted audio, comments, or pictures effectively disrupting the meeting.

Potential for your Windows credentials to be leaked through a Zoom conference

How can you address these risks?

In order of the risks listed:

– Zoombombing – this was exploited when a meeting either had no password set or had its password shared publicly. Zoom has since made it the default for all meetings to have a password assigned. Unless you remove the password manually in the meeting setup, you should be OK.

The second part of this is that if you share your meeting publicly, anyone will automatically have the password. We get it… sometimes you want to host a public meeting that anyone can join. For those instances, Zoom has the ability to require registration to attend the meeting. This means that all users must give you their information to attend.

In addition to this, you can enable the “Waiting Room” feature, which puts all attendees in a virtual waiting room and requires you to manually admit them to the conference. While there is still the potential for a malicious attendee to register and join the meeting through the waiting room – it removes the conference as “low-hanging fruit” for those wanting to disrupt.

– Potential for Windows credentials to be leaked – This vulnerability stems from a malicious attendee enticing others to click on a link in the chat window of a Zoom conference. The simplest way to address this is to make sure (just as you would with email, online platforms, texts, etc.) that you don’t click on links that are unexpected or from users you don’t know. There are some backend fixes that your I.T. department can deploy, but seriously – don’t click on things when you don’t know what they are 🙂

– No end-to-end encryption of calls. Unfortunately, at this point that is still a limitation of the Zoom platform. What this means is that there is the POTENTIAL for your call to be intercepted at the Zoom hub – but not at any other point in between. While the chances of that are very limited, the possibility does exist, and given the discovery that some calls were recently routed through China, it is cause for concern for any organization with complex security requirements or with sensitive information on its calls.

– Unintended/unwanted software installed with Zoom. Again, this goes back to the platform itself and is a function of the actual installer. Since there has been a heightened awareness of security concerns, Zoom is, for the most part, addressing those concerns daily and has committed to making security one of its priorities for the next few months.

Other Recommendations to Help Secure Meetings

These are normal security recommendations, but they have become more and more important for securing whatever video conferencing solution you are using:

Don’t ever, ever, EVER reuse passwords between sites/services. Statistics show that over 70% of users use the same password on multiple sites and services!! Seriously…PLEASE stop doing that! Make it a priority today to change those passwords!

What are the other options for video conferencing?

With any software solution that has had explosive growth like Zoom has over the last 30 days, there are bound to be security issues raised with the increased usage and focus. Nothing is 100% secure, nor will it ever be.

But each organization must make the decision to weigh the risks associated with tools and platforms they will use. Fortunately there are several very robust video conferencing solutions available;

The Good News

The good news is that while there may be some security concerns around any software, the ease of use and availability of video conferencing has enabled millions of users to work from anywhere and most importantly, enabled many of us to work from home safely. So hats off to all video conference providers for keeping our businesses and organizations running and working from anywhere! With some good security practices and attention to detail – you CAN work remotely and get through these unprecedented times!

As always, if you have questions or concerns, DaZZee is here for you.